author | Yang Tse <yangsita@gmail.com> | 2009-11-14 02:30:30 +0000 |
---|---|---|
committer | Yang Tse <yangsita@gmail.com> | 2009-11-14 02:30:30 +0000 |
commit | 90bc6ee8f38eec0dd6c7c8dbea22b0cba2998ee2 (patch) | |
tree | 9d7a6aeb2d7347b1c69eb371ba1a5d9111130fba | |
parent | 5e75817d44f4695aa513ce43d2a9d865355d5544 (diff) |
- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/url.c | 9 | ||||
-rw-r--r-- | lib/urldata.h | 3 |
4 files changed, 17 insertions, 0 deletions
@@ -6,6 +6,10 @@ Changelog +Yang Tse (14 Nov 2009) +- Constantine Sapuntzakis provided the fix that ensures that an SSL connection + won't be reused unless protection level for peer and host verification match. + Kamil Dudka (12 Nov 2009) - Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly closed NSPR descriptor. The issue was hard to find, reported several times diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f68e5798e..25daa4368 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -18,6 +18,7 @@ This release includes the following bugfixes: o progress meter/callback during FTP connection o DNS cache timeout while transfer in progress o compilation when configured --with-gssapi having GNU GSS installed + o SSL connection reused with mismatched protection level This release includes the following known bugs: @@ -2689,6 +2689,12 @@ ConnectionExists(struct SessionHandle *data, /* don't do mixed SSL and non-SSL connections */ continue; + if(needle->protocol&PROT_SSL) { + if((data->set.ssl.verifypeer != check->verifypeer) || + (data->set.ssl.verifyhost != check->verifyhost)) + continue; + } + if(needle->bits.proxy != check->bits.proxy) /* don't do mixed proxy and non-proxy connections */ continue; @@ -4326,6 +4332,9 @@ static CURLcode create_conn(struct SessionHandle *data, conn->bits.ftp_use_epsv = data->set.ftp_use_epsv; conn->bits.ftp_use_eprt = data->set.ftp_use_eprt; + conn->verifypeer = data->set.ssl.verifypeer; + conn->verifyhost = data->set.ssl.verifyhost; + if(data->multi && Curl_multi_canPipeline(data->multi) && !conn->master_buffer) { /* Allocate master_buffer to be used for pipelining */ diff --git a/lib/urldata.h b/lib/urldata.h index d3101c03a..40ed8285d 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -1083,6 +1083,9 @@ struct connectdata { #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) int socks5_gssapi_enctype; #endif + + long verifypeer; + long verifyhost; }; /* The end of connectdata. */ |
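Review bot: The new reuse check in ConnectionExists compares only `verifypeer` and `verifyhost`, so two handles that agree on those flags but differ in what the peer is verified against (CA bundle or path, CRL, client certificate, cipher list) would still share a connection, as far as this hunk shows. If the rest of the handle's SSL configuration is not compared elsewhere in the function, which continues outside the hunk, the match should cover those settings too, or the block should say why the two flags are sufficient. The check is also gated on `needle->protocol&PROT_SSL`; a connection that is upgraded to TLS after connecting, rather than selected through an SSL scheme, may not carry that bit and would skip the comparison, which is worth confirming. I would add above the block: `/* never reuse an SSL connection that was set up with a different peer/host verification level than this handle asks for */`.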
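Review bot: The two members added to `struct connectdata` carry no comment, and their names alone do not say that they are a copy of the handle's settings taken when the connection was created rather than a live option. `create_conn` fills them from `data->set.ssl` and `ConnectionExists` relies on them to refuse reuse, so a later change that updates one side but not the other would silently weaken the check. I would document them in place: `long verifypeer; /* set.ssl.verifypeer at the time this connection was created */` and `long verifyhost; /* set.ssl.verifyhost at the time this connection was created */`. The struct begins outside the hunk.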